tahoe-lafs/trac-2024-07-25
2
0
Issues 1.1k Wiki Activity

[Imported from Trac: page NewCaps/WhatCouldGoWrong, version 4]

davidsarah 2009-10-11 00:45:20 +00:00
parent 5f3747865e
commit 51006cf958
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
NewCaps/WhatCouldGoWrong.md

@ -3,10 +3,10 @@ This is about What Could Go Wrong with the "Elk Point 2" immutable file caps: <h
| | | | | | | | | | | | | | | |
|---|---|---|---|---|---|---| |---|---|---|---|---|---|---|
|#|*what bad thing could happen*|*how*|*who could do it*|*what could they target*|*what crypto property prevents it*|*how expensive to brute force*| |#|*what bad thing could happen*|*how*|*who could do it*|*what could they target*|*what crypto property prevents it*|*how expensive to brute force*|
|1|shape-shifter immutable file [1]footnote|collide read-cap (*R*,*T*)|creator of a file|their own file|the hash function's and cap format's collision resistance on the read-cap (*R*,*T*)|2^(*r*+*t*)/2^| |1|shape-shifter immutable file [1]footnote|collide read-cap (*R*,*T*)|creator of a file|their own file|the hash function's and cap format's collision resistance on the read-cap (*R*,*T*). This also depends on the encryption of K1 being deterministic and correct.|2^(*r*+*t*)/2^|
|2|unauthorized read|attack the encryption of *K1* with *R*|anyone|any one file|the cipher's security and the secrecy of the read-key *R*|2^*r*^| |2|unauthorized read|attack the encryption of *K1* with *R*|anyone|any one file|the cipher's security and the secrecy of the read-key *R*|2^*r*^|
|3|forgery of immutable file|generate a matching read-cap (*R*,*T*) for someone else's file|anyone|any one file|the hash function's and cap format's second-pre-image resistance on (*R*,*T*)|2^*r*+*t*^| |3|forgery of immutable file|generate a matching read-cap (*R*,*T*) for someone else's file|anyone|any one file|the hash function's and cap format's second-pre-image resistance on (*R*,*T*)|2^*r*+*t*^|
|4|roadblock or speedbump [2]footnote|generate (*K1enc*,*Dhash*,*V*) which hash to someone else's *T*, and copy their *S*|anyone|any one file|the hash function's and cap format's collision resistance on *T*|2^*t*^| |4|roadblock or speedbump [2]footnote|generate (*K1enc*,*Dhash*,*V*) that hash to someone else's *T*, and copy their *S*|anyone|any one file|the hash function's and cap format's collision resistance on *T*|2^*t*^|
|5|unauthorized read|attack the encryption of the plaintext with *K1*|anyone|any one file|the cipher's security and the secrecy of the encryption key *K1*|2^*k*^| |5|unauthorized read|attack the encryption of the plaintext with *K1*|anyone|any one file|the cipher's security and the secrecy of the encryption key *K1*|2^*k*^|
|6|unauthorized read|figure out the input to the hash function that generates *S*|anyone|any one file|the hash function's pre-image resistance on *S*|brute force attack on *R* is !#2| |6|unauthorized read|figure out the input to the hash function that generates *S*|anyone|any one file|the hash function's pre-image resistance on *S*|brute force attack on *R* is !#2|